We present a system, SIFT, for generating input filters that nullify
integer overflow errors associated with critical program sites such as
memory allocation or block copy sites. SIFT uses a static pro- gram
analysis to generate filters that discard inputs that may trigger
integer overflow errors in the computations of the sizes of allocated
memory blocks or the number of copied bytes in block copy
operations. Unlike all previous techniques of which we are aware, SIFT
is sound -- if an input passes the filter, it will not trigger an
integer overflow error at any analyzed site. Our results show that
SIFT successfully analyzes (and therefore generates sound input
filters for) 56 out of 58 memory allocation and block memory copy
sites in analyzed input processing modules from five applications
(VLC, Dillo, Swfdec, Swftools, and GIMP). These nullified errors
include six known integer overflow vulnerabilities. Our results also
show that applying these filters to 62895 real-world inputs produces
no false positives. The analysis and filter generation times are all
less than a second.